218743 – Geolocation api breaks web authentication with Touch ID/Face ID

RESOLVED WORKSFORME218743

Geolocation api breaks web authentication with Touch ID/Face ID

https://bugs.webkit.org/show_bug.cgi?id=218743

Summary Geolocation api breaks web authentication with Touch ID/Face ID

Levon Karapetyan

Reported 2020-11-10 03:18:54 PST

When a geolocation API is used between user click and WebAuthn call, then Safari on iOS 14 restricts Touch ID/Face ID usage. Here is a code example: document.getElementById("mybutton").onclick = function() { navigator.geolocation.getCurrentPosition(register, register); } function register() { var options = {...}; navigator.credentials.create({ publicKey: options }) .then(console.log) .catch(console.error); }

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-11-10 15:51:15 PST

<rdar://problem/71258803>

Marcos Caceres

Comment 2 2026-03-26 11:34:54 PDT

Tested on a physical iOS device running current iOS/WebKit (March 2026). Both the baseline (direct tap → credentials.create()) and the bug scenario (tap → geolocation.getCurrentPosition() → credentials.create() from callback) succeed — the passkey sheet appears and completes normally in both cases. This is no longer reproducible. Closing as WORKSFORME.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WORKSFORME

Priority P2

Severity Normal

Classification Unclassified

Version Safari 14

Hardware iPhone / iPad

OS Unspecified

Product WebKit

Component WebKit Misc.

Assignee

Nobody

Reported

2020-11-10 03:18 PST

Modified

2026-03-26 11:35 PDT History

CC List

4 users Show

URL

Keywords InRadar

Depends on

Blocks